Following are the different methods used to provide firewall protection, and several of them are often used in combination. See firewall. Network Address Translation (NAT) Allows one IP address, which is shown to the outside world, to refer to many internal IP addresses; one on each client station. It performs the conversion back and forth. The most basic firewall, NAT is built into routers, and any user's computer that shares its Internet connection with others uses a software version. See NAT. Stateful Inspection Tracks the transaction to ensure that inbound packets were requested by the user. It generally can examine multiple layers of the protocol stack, including the data if required, so that blocking can be made at any depth. See stateful inspection. Packet Filter Blocks traffic based on a specific Web address (IP address) or type of application (e-mail, ftp, Web, etc.), which is specified by port number. Packet filtering is typically done in a router, which is known as a "screening router." See TCP/IP port and bastion host. Proxy Server Serves as a relay between two networks, breaking the connection between the two. It also typically caches Web pages (see proxy server).